06.12.10

So a bunch of sites i use seem to have advert banners offering “government grants”…

One of these linked to www.janesgrantblog.com which claims to be written by someone in the uk who received several thousand in free government grants… The site even tries to guess where you are based on the IP address, and claims the person who wrote the site actually live there… If you access it from different IPs, the content of the site changes!

Only, she received her grant money in US DOLLARS… Now why would the UK government pay out grants in US currency? Not only that, but in order to get the “information” on how to claim these grants, you have to pay a fee which is also in USD… Now how stupid would someone have to be to fall for such an incompetent scam as this?

FYI: the actual page is www.janesgrantblog.com/uk.php?t202id=74508&t202kw=GUK112728 as the front page of the site seems not to have any content…

01.14.09

Has anyone ever heard about the “buyer protection” scheme PayPal offer, whereby buyers who have been ripped off can file disputes and hopefully try to get their money back…
Well, it turns out this does not apply if you buy anything deemed as a “service”, and many unscrupulous companies are using this to their advantage to rip people off. Take the following example.

We signed up for a dedicated server from a company called “Shrikehosting”. Paid for it up front on a Friday evening, and received an automated reply stating the server would be up and ready within 24 hours.
24 hours passed and the server was not up, in fact we had not heard anything so we filed a support ticket… It wasn’t until monday that we receive a reply stating that they don’t work at weekends, and that the server would be up later that day.
So we wait another 24 hours, still nothing… A few mails ping back and forth for about a week, each time they insist the server is “nearly ready”.
Meanwhile, we have already been inserted into their billing cycle, so we are already 1 week into the service we paid for, while having actually received no service.
So we query this and ask that the billing cycle be started when the server is brought up, and ask that the server be made available soon.
Another week, and they have not responded at all, and now blacklisted our email address so we cannot contact them anymore.

So we file a dispute with PayPal. For those who aren’t familiar with the dispute process… You file a dispute, which gives up to 20 days for both parties to communicate and try to resolve their differences. If you reach an agreement then the dispute can be cancelled, or allowed to expire after 20 days. If not, then either party can escalate the dispute to a claim at any time before the 20 day deadline. The idea is that then PayPal will investigate the dispute and make a decision on wether to issue a refund or not.

Our dispute was pretty simple. We had paid for a service which was supposed to be delivered in 24 hours, we had not been provided that service after 2 weeks, and the 2 weeks of waiting were being counted against the 1 month of service we had paid for up front.

Shrikehosting immediately escalated this dispute to a claim. They were clearly not prepared to talk, and were already familiar with PayPal’s claim process and how to use it for their fraudulent advantage. The escalation message said “This payment was for a service, 1 month server hosting and not for a physical product”.

PayPal very quickly denied our claim, and under their system once a claim has been denied you have no recourse for appeal or to make any further claim. They consider the case closed, and you well and truly screwed.

Luckily, we had paid by credit card so we had one course of action left – to dispute the charge with the card issuer. Luckily, the card issuer being a proper reputable bank and not an unregulated fraud haven like PayPal, accepted our dispute and credited the value of the transaction back to us immediately.

Had we paid using a debit card, or by a direct bank transfer which PayPal are always trying to encourage people to use (wonder why) we would have had absolutely no recourse and would have completely lost our money.

So if you are planning to commit fraud, simply start offering some kind of services online… Make a nice shiny looking website, and only accept PayPal as a form of payment. Don’t worry about what the services are, because you will never have to actually provide them. For a little extra credit, see if you can keep the victim fooled until after one or more billing cycles so you can rip them off even more.

So today, as with most days, i received a phishing email, this one purporting to be from eBay and asking me to visit a URL to “confirm” my security details… What made this one so special? judge for yourself:
Date: Wed, 14 Jan 2009 23:51:20 +0800
From: Support
To: undisclosed-recipients: MISSING_MAILBOX@MISSING_DOMAIN ;
Subject: Messge from eBay -

Dear eBay Member,
This is your official notification from eBay. Your online has expired.
If you want to continue using our service you have to renew your online.
If not, your online will be limited and deleted.
To confirm your Account records click on the following link:

So apparently my “online” has expired, and it will soon be limited and deleted unless i confirm my username and password to eBay’s new chinese division which is kindly being hosted by Guangzhou University Of Tradicinal Chinese Medicine.

I can’t believe anyone could possibly be stupid enough to fall for a scam as pathetically engineered as this one… It doesn’t even look in the least bit light a legitimate email from eBay.